[Pkg-kbd-devel] Bug#500116: loadkeys segfaults when dealing with certain Unicode characters

Michael Schutte michi at uiae.at
Mon Nov 10 18:53:45 UTC 2008


forwarded 500116 kbd at lists.altlinux.org
thanks

Hi,

On Wed, Oct 22, 2008 at 09:11:08PM +0200, Michael Schutte wrote:
> On Thu, Sep 25, 2008 at 10:06:30AM +0100, Colin Watson wrote:
> > 'loadkeys -mu' crashes when given the attached pk.kmap file (generated
> > by ckbcomp from console-setup). This is because it XORs the keysym
> > "+U+fe7c" with 0xF000 (as it does with all Unicode characters) and gets
> > a code with KTYP(code) == 14 == KT_BRL and KVAL(code) == 124. KT_BRL
> > obviously has nothing to do with the Arabic Presentation Forms-B range
> > containing U+FE7C, but 124 is significantly larger than the size of
> > brl_syms. codetoksym fails to bounds-check KVAL(code) and thus
> > segfaults.

drivers/char/keyboard.c, kbd_keycode():

	type = KTYP(keysym);

	if (type < 0xf0) {
		param.value = keysym;
		if (atomic_notifier_call_chain(&keyboard_notifier_list, KBD_UNICODE, &param) == NOTIFY_STOP)
			return;
		if (down && !raw_mode)
			to_utf8(vc, keysym);
		return;
	}

	type -= 0xf0;

In other words, the kernel will always treat keysyms >= 0xf000 as
non-Unicode.  At the moment, there is no way to bind keys to characters
in that range.  Upstream has agreed with me that it makes sense to at
least warn the user if they specify U+fxxx keysyms [1], which of course
also fixes the segfault.  So that’s how I will handle the situation in
the next revision.

[1] http://lists.altlinux.org/pipermail/kbd/2008-November/000144.html

> The mess seems to at least partly originate in a Debian-specific patch
> called read_keymaps_fmt.  Some testing shows that our “loadkeys -m”
> (not only, but it is the easiest way to check) differs significantly
> from upstream’s in some cases, not always in ways that look intended.
> I’m going to investigate this further as soon as I can.

For the record, these divergences are due to differences in treating
ASCII characters (< 128) and harmless.

All the best,
-- 
Michael Schutte <michi at uiae.at>
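
Added example, not part of the original message and not kbd or kernel code: the arithmetic from the report for U+FE7C, a bounds-checked table lookup, and the U+fxxx range check that would trigger the warning. The table demo_brl_syms and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Same definitions as <linux/keyboard.h>, repeated so this builds anywhere. */
#define KTYP(x) ((x) >> 8)
#define KVAL(x) ((x) & 0xff)
#define KT_BRL  14

/* Constructed stand-in for a per-type name table such as brl_syms;
 * its entries and length are assumptions, not kbd's real table. */
static const char *const demo_brl_syms[] = {
    "Brl_blank", "Brl_dot1", "Brl_dot2", "Brl_dot3", "Brl_dot4",
};
#define DEMO_BRL_COUNT (sizeof demo_brl_syms / sizeof demo_brl_syms[0])

/* Unicode keysyms are XORed with 0xf000, as described in the report. */
static unsigned int unicode_to_code(unsigned int ucs)
{
    return ucs ^ 0xf000;
}

/* The kernel treats keysyms >= 0xf000 as non-Unicode, so U+fxxx cannot be
 * bound; a caller would warn and skip the keysym when this returns 0. */
static int unicode_is_bindable(unsigned int ucs)
{
    return ucs < 0xf000;
}

/* Hypothetical bounds-checked lookup: NULL instead of reading past the table. */
static const char *checked_brl_name(unsigned int code)
{
    if (KTYP(code) != KT_BRL || KVAL(code) >= DEMO_BRL_COUNT)
        return NULL;
    return demo_brl_syms[KVAL(code)];
}

int main(void)
{
    unsigned int code = unicode_to_code(0xfe7c);   /* keysym from the report */
    const char *name = checked_brl_name(code);

    printf("code=0x%04x KTYP=%u KVAL=%u\n", code, KTYP(code), KVAL(code));
    printf("bindable as Unicode: %s\n", unicode_is_bindable(0xfe7c) ? "yes" : "no");
    printf("table lookup: %s\n", name ? name : "(rejected: index out of range)");
    return 0;
}
```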